The complexity of regulations related to a 401(k) Plan and the details involved in the administration of all the tasks associated with the Plan can be overwhelming. Most small to medium size 401(k) Plans use a service provider to assist them with Plan administration, recordkeeping, compliance requirements, and custodial activities. They also typically use a payroll service provider to help track time for hourly employees and run payroll for each pay period. It is the responsibility of the Plan Sponsor of the 401(k) Plan to monitor the service provided by these providers to ensure the transactions completed by the provider are being performed accurately, completely, timely, and in compliance with the Plan Document and with regulatory requirements.
We recommend before you engage with a service provider, you conduct due diligence work to ensure you are hiring the best provider for your needs. You should:
- Review their experience with plans of a similar size and structure.
- Review the qualifications of those that will provide the service from the provider.
- Ask for references from other customers.
- Discuss with the provider their business practices.
- Lastly, most large service providers will have something called a System and Organization Controls Report (SOC Report).
This SOC Report follows AICPA (Association of Independent Certified Public Accountants) requirements to review procedures and internal controls within an organization. These reports will describe the important procedures used by the service provider that is relevant to your Plan. Some reports will include a description of testing performed by an independent CPA firm on the controls and will list any deficiencies noted from the testing. You should request a copy of this report and review the information contained within.
To monitor the service organization:
- Obtain the annual SOC reports prepared and discuss with the service provider any items noted or questions you may have from the report.
- Discuss internally within your organization the response time given for individual transaction requests, questions given to the provider, and other inquiries. Also, discuss any errors noted in transaction processing.
- Inquire of your employees their impressions regarding the service provider's performance.
- Review selected transactions such as contribution submissions, distribution and loan requests, and transactions involving the forfeiture account (if applicable) to verify accuracy and timeliness in processing.
- Conduct an evaluation of the provider internally on a regular basis. As part of this review, search out other available providers and assess the best option for the Plan going forward.
Reviewing the performance provided by the service providers to your 401(k) Plan is an important part of the fiduciary duties with regard to the Plan. Outsourcing the responsibility for accuracy and compliance is not permitted by regulation. Constant oversight is very important to ensure proper 401(k) Plan administration.
For more information regarding service provider oversight and meeting your fiduciary Plan responsibility refer to the Department of Labor website.
If you would like to discuss Summit CPA Group’s audit process in more detail or need an audit for the first time, contact our office at (866) 497-9761. We’re here to help you navigate the world of the 401(k) audit as proficiently as possible. We also offer flat-fee pricing so there are no surprises on your bill when the job is complete.